Blog Posts Tagged with "Third Party"

If a third party is providing your organization a service that has access to your cardholder data environment (CDE) or the third party could come into contact with your cardholder data (CHD), then that third party must ensure that the service complies with all relevant PCI requirements...

What if 25% of your bugs actually ARE discovered by your customers? There is a collision of a few things here that makes this matter a lot less simple than we'd like, and a lot less convenient if you think you have a solution to the problem, but in the end it is a problem...

Rather than brute-forcing the account, the hackers gained access by doing some creative social engineering by contacting Apple customer support. The problem is that we often turn over our data to 3rd-party providers without understanding what protocols they have in place to keep our data safe...

The third-party authentication process implements the open standard for authorization, or OAuth, that allows users to share private resources stored on one site with another. The hack raises a serious question regarding the security level ensured by third-party authentication processes...

There are numerous third parties and cloud providers around. A few have already achieved a dominant position, but a recent article highlighted that "others have opportunities to get into the act by offering more security and protection". So there you are, security can be a unique selling proposition...

Beyond managing regulations and liability, companies that outsource their IT functions to third parties create infosec, privacy and legal difficulties, including loss of control and challenges with enforcement. Risk and compliance obligations do not disappear when using a third-party service provider...

About a week ago, I read about this new daily deal service called edo that ties to your bank account, and the first thing that came to my mind is “uh oh, another attack vector into my bank info”. Here is a list of features that are those potential attack vectors...

I don’t want to see the main outcome of security and data breaches become lengthy litigation. If cloud security boils down to he who has the best law team, the direction of security will have an approach of least exposure to litigation versus cyber threats. This does not settle with me as a valid security driver for improving security posture...

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and monitoring for Cloud Service Providers. This document has been designed for Third-Party Independent Assessors to use for planning security testing of CSPs...

Certification of compliance demonstrates that at that given point of time the entity was in adherence to the PCI standards. The threat landscape is dynamic and ever-changing, requiring those entrusted with our data to take steps beyond compliance to protect that data...

Organizations below the security poverty line tend to be inordinately dependent on third parties and have less direct control over the security of the systems they use. They end up ceding risk decisions to third parties that they ideally should be making themselves...

Does the government have a responsibility to protect innocent third parties from collateral damage when it seizes their property in the course of prosecuting alleged copyright infringement? That is the question a federal district court will consider...

Most financial institutions purchase their software applications from third party development firms. With all of the regulatory changes going on in the financial institution industry, these software firms have been focused on those regulatory changes and not PCI compliance...

The FTC sees a greater threat to consumers in third-party data collection because of lack of notice, choice and transparency in the practices of data collectors. But the challenge is understanding where to draw the line between “first party” and “third party” practices...

For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...

The recent explosion in mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production, but perhaps more importantly, the widening gap between speed-to-market and software security quality...